Match Risks/Threats to Solutions

In: Computers and Technology

Submitted By harpal41
Words 270
Pages 2
Match Risks / Threats to Solutions 1. Violation of a security policy by a user. C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance reviews. 2. Disgruntled employee sabotage. I. Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on AUP monitoring and compliance. 3. Download of non-business videos using the internet to an employer-owned computer. A. Enable content filtering and antivirus scanning at the entry and exit points of the internet. Enable workstation auto-scans and auto-quarantine for unknown file types. 4. Malware infection of a user’s laptop. L. Use workstation antivirus and malicious code policies, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. 5. Unauthorized physical access to the LAN. N. Make sure wiring closets, data centers, and computer rooms are secure. Provide no access without proper credentials. 6. LAN server operating system vulnerabilities. F. Define vulnerability window policies, standards, procedures, and guidelines. Conduct LAN domain vulnerability assessments. 7. Download of unknown file types from unknown sources by local users. B. Apply file transfer monitoring, scanning, and alarming for unknown file types and sources. 8. Errors and weaknesses of network router, firewall, and network appliance configuration file. H. Define a strict zero-day vulnerability window definition. Update devices with the security fixes and software patches right away. 9. WAN eavesdropping. M. Use encryption and virtual private network (VPN) tunneling for secure IP communications.
10. WAN…...

Similar Documents

Nt2580: Unit 1 Match Risks/Threats to Solutions

...Instructions: You are presented with a list of some risks and threats associated with the seven domains of a typical IT infrastructure. Below the list, the solutions or preventive actions to manage those risks and threats are listed. Write the letter of the correct solution or preventative action in the blank to the right of each risk or threat. Risks or threats: 1. Violation of a security policy by a user ___C_____ 2. Disgruntled employee sabotage ____I____ 3. Download of non-business videos using the Internet to an employer-owned computer ____A____ 4. Malware infection of a user’s laptop ____L___ 5. Unauthorized physical access to the LAN ____N__ 6. LAN server operating system vulnerabilities ____F_ 7. Download of unknown file types from unknown sources by local users ____B___ 8. Errors and weaknesses of network router, firewall, and network appliance configuration file ____H___ 9. WAN eavesdropping ____M___ 10. WAN Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks ____D___ 11. Confidential data compromised remotely ____K____ 12. Mobile worker token stolen ____G___ 13. Corrupt or lost data ____E___ 14. Downtime of customer database ____J__ Solutions or preventative actions: A. Enable content filtering and antivirus scanning at the entry and exit points of the Internet. Enable workstation auto-scans and auto-quarantine for unknown file types. B. Apply file......

Words: 447 - Pages: 2

Match Risks/Treats to Solutions

...Unit 1 Assignment 1: Match Risks/Threats to Solutions Risks or Threats: Answers: 1. Violation of a security policy by a user C 2. Disgruntled employee sabotage i 3. Download of non-business videos using the Internet to an employer-owned computer A 4. Malware infection of a user’s laptop L 5. Unauthorized physical access to the LAN N 6. LAN server operating system vulnerabilities F 7. Download of unknown file types from unknown sources by local users B 8. Errors and weaknesses of a network router, firewall, and network appliance c configuration file H 9. WAN eavesdropping M 10. WAN Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks D 11. Confidential data compromised remotely G 12. Mobile work token stolen K 13. Corrupt or lost data E 14. Downtime of customer database J Solutions: A. Enable content filtering and antivirus scanning at the entry and exit points of the Internet. Enable work station auto-scans and auto-quarantine for unknown file types. B. Apply file transfer monitoring scanning and alarming for unknown file types and sources. C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance reviews. D. Apply filters on exterior Internet Protocol (IP) stateful firewalls and IP router WAN interfaces. E. Implement......

Words: 398 - Pages: 2

Threat and Risk Assesment

...Associate Level Material Appendix B Security Assessment Directions: Choose one of the Facts for Consideration sections from Ch. 3 of the text and list the page number for the section you chose. Then, complete the following table. List five threats appropriate to the environment from the section you chose. Rate the risk for each threat from 0 (low) to 10 (high). Then, list five appropriate countermeasures. Once you complete the table, write a brief explanation of the countermeasures for the two threats with the highest risk total, stating how the countermeasure reduces the risk associated with that threat. This assessment is based on the Facts for Consideration on page _92_ | | | | |THREAT |RISK |COUNTERMEASURE | | |Probability |Criticality |Total | | |Example: | | | | | |Physical assault |9 |4 |13 |Highly visible officer presence | |Taking over the Bus |5 |10 |15 |Have at least 3 guards on......

Words: 264 - Pages: 2

Threats and Risks Assessment

...Threats and Risks Assessment The determination of natural, man-made, and technological risks is the responsibility of security management and security personnel. Threats and risks are vital to determine to lessen the damages caused to assets within the organization. Retail organizations have many assets that are needed to be protected from threats and risks in order to maintain quality customer service. The threats and risks can either be caused from the inside threats or outside threats. The most common risks that are present in retail organizations are fires, internal and external thefts, and burglaries. Threats and vulnerabilities are managed and determined by security officials on a daily basis to ensure proper protocols are being upheld when risks present themselves. Retail Threat and Risk Assessment The determination of threats and risks that affect all organizations, not just specific organizations, must first be made by using a threat and vulnerability assessment and risk analysis. “The first step in a risk management program is a threat assessment. A threat assessment considers the full spectrum of threats for any given facility/location. The assessment should examine supporting information to evaluate the likelihood of occurrence for each threat” (National Institute of Building Sciences, 2012). The threats and vulnerabilities within the organization are discovered and then a risk analysis is used to determine which risks are most likely to be present......

Words: 1136 - Pages: 5

You Are Presented with a List of Some Risks and Threats Associated with the Seven Domains of a Typical It Infrastructure. Below the List, the Solutions or Preventive Actions to Manage Those Risks and Threats Are Listed.

...Instructions: You are presented with a list of some risks and threats associated with the seven domains of a typical IT infrastructure. Below the list, the solutions or preventive actions to manage those risks and threats are listed. Write the letter of the correct solution or preventative action in the blank to the right of each risk or threat. Risks or threats: 1. Violation of a security policy by a user _C_______ 2. Disgruntled employee sabotage _I_______ 3. Download of non-business videos using the Internet to an employer-owned computer ___A_____ 4. Malware infection of a user’s laptop ____L____ 5. Unauthorized physical access to the LAN _____N___ 6. LAN server operating system vulnerabilities ____F____ 7. Download of unknown file types from unknown sources by local users ___B_____ 8. Errors and weaknesses of network router, firewall, and network appliance configuration file ___H_____ 9. WAN eavesdropping _____M___ 10. WAN Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks ___D_____ 11. Confidential data compromised remotely __K______ 12. Mobile worker token stolen __G______ 13. Corrupt or lost data _____E___ 14. Downtime of customer database ____J____ Solutions or preventative actions: A. Enable content filtering and antivirus scanning at the entry and exit points of the Internet. Enable workstation auto-scans and......

Words: 447 - Pages: 2

Risks or Threats

...Lesson 2: Match Risks or Threats to Solutions Worksheet Instructions You are presented with a list of some of the risks and threats that are associated with the seven domains of a typical information technology (IT) infrastructure. Below the list, the solutions or preventive actions to manage those risks and threats are listed. Write the letter of the correct solution or preventative action in the blank to the right of each risk or threat. Risks or Threats 1. Violation of a security policy by a user 2. Disgruntled employee sabotage 3. Download of nonbusiness videos using the Internet to an employer-owned computer 4. Malware infection of a user’s laptop 5. Unauthorized physical access to the local area network (LAN) C __________ I __________ A __________ L __________ N __________ 6. LAN server operating system vulnerabilities 8. Errors and weaknesses of network router, firewall, and network appliance configuration file 9. Wide area network (WAN) eavesdropping F __________ B 7. Download of unknown file types from unknown sources by local users __________ D __________ M __________ H __________ 11. Confidential data compromised remotely 12. Mobile worker token stolen 13. Corrupt or lost data 14. Downtime of customer database Solutions or Preventative Actions A. Enable content filtering and antivirus scanning at the entry and exit points of the Internet. Enable workstation auto-scans and auto-quarantine for unknown file types. B. Apply file transfer monitoring,......

Words: 500 - Pages: 2

Threats and Risks Assessment

...Threats and Risks Assessment Joshua Watts SEC 400 September 15, 2013 Bill Hale Threats and Risks Assessment Risk is defined as any situation that involves the exposure of or to danger. Threat is defined as an intention or statement to cause damage or hostile action against someone or something for retribution. When security managers don't manage risk properly they are vulnerable to threats. This can be any situation possible will involve some risk and leave someone or something vulnerable to threats, there is no way to eliminate risk completely but there are ways to manage risk and reduce the vulnerabilities and thus reducing the threats. This is one of if not the most crucial part of being a security manager. You will need to constantly do risk and threat assessment of the property or assets you’re in charge of protecting this includes both from seen and un-seen hazards. This is an example of a risk and threat assessment of a local business that I am employed at, had I been a security manager this is what threats and vulnerabilities I found and assessment of how to reduce them. Floor Plan - The floor plan is a 1000 sq. ft. building with a main entrance area and waiting area also housing the bathroom. There’s a middle area with an oven and counters to make pizzas, with a 10 sq. ft. office in the rear corner of the middle area. There is also a rear stock area with a walk in freezer. There are two main doors......

Words: 1098 - Pages: 5

Match Risk/Threats to Solutions

...number. All computers maintain regular updates and continuous antivirus protection for monitoring. Additionally, no personal devices are allowed on the network. * LAN Domain The Local Area Network (LAN) Domain is a group of computers all connected to a single LAN domain. The LAN Domain is a collection of computers connected to one another or to a common medium. All LAN domains include data closets, physical elements of the LAN, as well as logical elements as designated by authorized personnel. It requires strong security and access controls. This domain can access company-wide systems, applications, and data from anywhere within the LAN. The LAN support group is in charge maintaining and securing this domain. The biggest threat to the LAN domain is Un-authorized access to anything (the LAN, the systems, & the data) on the network. One thing we can do is requiring strict security protocols for this domain, such as disabling all external access ports for the workstation .Here at Richland Investment our Security is also our lifeline to keep our customers finances secure....

Words: 377 - Pages: 2

Nt2580 Unit 1 Assignment Match Risk/Threats to Sulutions

...Write the letter of the correct solution or preventative action in the blank to the right of each risk or threat. Risks or threats: 1. Violation of a security policy by a user _____C___ 2. Disgruntled employee sabotage ____I____ 3. Download of non-business videos using the Internet to an employer-owned computer ____A____ 4. Malware infection of a user’s laptop ___L_____ 5. Unauthorized physical access to the LAN ___N_____ 6. LAN server operating system vulnerabilities ___F_____ 7. Download of unknown file types from unknown sources by local users ____B____ 8. Errors and weaknesses of network router, firewall, and network appliance configuration file ___H_____ 9. WAN eavesdropping ___M_____ 10. WAN Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks ____D____ 11. Confidential data compromised remotely ____K____ 12. Mobile worker token stolen ___G_____ 13. Corrupt or lost data ___E_____ 14. Downtime of customer database ____J____ Solutions or preventative actions: A. Enable content filtering and antivirus scanning at the entry and exit points of the Internet. Enable workstation auto-scans and auto-quarantine for unknown file types. B. Apply file transfer monitoring, scanning, and alarming for unknown file types and sources. C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance reviews. D. Apply......

Words: 409 - Pages: 2

Assignment #2 Match Risks/Threats to Solutions

...Nt2580 - Unit 1 Assignment 2: Impact of a Data Classification Standard Three IT Infrastructure Domains affected by the “Internal Use Only” data classification standard are User Domain, Workstation Domain and LAN Domain Here at Richmond Investments. * User Domain This Domain is where only one user will have access to it. Generally this is an internal use only. By default, the IT department tries to maintain a certain level of Security for this so no one can access from the outside. Only the IT Department can grant access privileges for a Remote Access Point. The (User Domain) where only the company is responsible for the security of the environment will enforce an acceptable use policy (AUP) to define what each user can and cannot do with any company data they have access to. * Workstation Domain Workstation Domain, all the users have access. Before a user can log in he/she will need to be verified in order to gain access. At Richman Investments, we provide very secure access for the employee workstations with a username, password and in some instances Biometrics. A security protocol requires the password to be changed every 90 days and must contain at least one capital letter and one number. All computers maintain regular updates and continuous antivirus protection for monitoring. Additionally, no personal devices are......

Words: 304 - Pages: 2

Match Threats and Risks

...Instructions: You are presented with a list of some risks and threats associated with the seven domains of a typical IT infrastructure. Below the list, the solutions or preventive actions to manage those risks and threats are listed. Write the letter of the correct solution or preventative action in the blank to the right of each risk or threat. Risks or threats: 1. Violation of a security policy by a user _____C___ 2. Disgruntled employee sabotage ____I____ 3. Download of non-business videos using the Internet to an employer-owned computer ____A____ 4. Malware infection of a user’s laptop _____L___ 5. Unauthorized physical access to the LAN ___N_____ 6. LAN server operating system vulnerabilities ____F____ 7. Download of unknown file types from unknown sources by local users ____B____ 8. Errors and weaknesses of network router, firewall, and network appliance configuration file ____H____ 9. WAN eavesdropping _____M___ 10. WAN denial of service (DoS) or distributed denial of service (DDoS) attacks ____D____ 11. Confidential data compromised remotely ____K____ 12. Mobile worker token stolen ____G____ 13. Corrupt or lost data ____E____ 14. Downtime of customer database ___J_____ Solutions or preventative actions: A. Enable content......

Words: 449 - Pages: 2

Risk, Threats, and Vulnerabilties

...Purpose This project provides you an opportunity to analyze risks, threats, and vulnerabilities and apply countermeasures in the information systems environment. Required Source Information and Tools To complete the project, you will need the following: 1. Access to the Internet to perform research for the project * Microsoft Windows How-To, including: * Optimize Windows for Better Performance: http://windows.microsoft.com/en-us/windows/optimize-windows-better-performance - optimize-windows-better-performance=windows-7 * http://windows.microsoft.com/en-us/windows-8/improve-performance-optimizing-hard-drive 8.1 * http://www.makeuseof.com/tag/7-quick-tips-hacks-optimize-windows-10-experience/ win 10 * Monitor Attempts to Access and Change Settings On Your Computer / To Turn On Auditing: http://windows.microsoft.com/en-us/windows7/monitor-attempts-to-access-and-change-settings-on-your-computer * What Information Appears in Event Logs? http://windows.microsoft.com/en-us/windows/what-information-event-logs-event-viewer - 1TC=windows-7 2. Course textbook Learning Objectives and Outcomes You will: * Explain how to assess risks, threats, and vulnerabilities * Evaluate potential outcomes of a malware attack and exposure of confidential information * Evaluate information systems security countermeasures * Explain how system hardening relates to a company’s IT security policy framework ...

Words: 665 - Pages: 3

Threat and Risk Assesment

...Below is my quantitative data findings on the threats and vulnerabilities our qualitative research founded in our look into your company. First we will provide some recent attacks that have happened to other companies. Second we will let you know how likely the attack is to occur at your company. Third we will provide you the real number data to support the idea if you should spend money or not on improving your protection from this type of attack. Spoofing: In 2006 banks were targeted by attackers with a spoofing attack. An article written by McMillan (2006) stated that the attackers were able to hack into the banks' ISP servers and redirect traffic from the legitimate banks' websites to a bogus server. The attackers were able to affect about 20 customers by being able to get them to enter in PINs and other personal information (para. 2). There is an article by Zetter (2012) in which a mathematician noticed that several technology companies and other types of companies used a weak DomainKeys Identified Mail (DKIM) that he was able to break and then use to pretend to be high up personnel in that company. In our report we noted you had in-house servers and the firewalls seem properly configured for outside attacks. In 2014, AOL had its mail service attacked, and the attackers used the email address book to send spam to everyone in the address book as the owner of the email. Spoofing is still a viable attack and even with properly configured network and validation methods......

Words: 2034 - Pages: 9

Aircraft Solutions Risk Assessment

...Aircraft Solutions (AS) Security Assessment Submitted to: Professor SEC-571 Principles of Information Security and Privacy Keller Graduate School of Management Submitted: Overview Aircraft Solutions (AS) is a southern California company specializing in cutting edge design and manufacturing. AS supplies products and solutions in the fields of electronics, commercial, defense, and aerospace to a wide variety of customers. AS not only has a highly skilled and trained workforce, but they also utilize state of the art equipment that provides efficiency and productivity rarely seen in this industry. AS’s headquarters is located in San Diego, California while their Commercial Division (CD) is located 40 miles east of San Diego in Chula Vista, California. The AS Defense Division (DD) is located between Los Angeles and San Diego in Orange County, California. AS uses Business Process Management (BPM) to integrate customers, vendors, and suppliers in order to create a successful product. The success of the BPM is closely dependent on the success and efficiency of the Information Technology (IT) process of AS. Customer data, design engineering, and Proof For Production (PFP) are all examples of how AS’s IT success directly impacts their BPM. Vulnerabilities Hardware vulnerability AS has an obvious hardware vulnerability that could potentially have a catastrophic effect on the Chula Vista CD and the rest of AS. AS has a current network architecture that...

Words: 2620 - Pages: 11

Match Risks/Threats to Solutions

...IT-255 – ISS Unit 1 – Assignment 1 Match Risks/Threats to Solutions Match Risks / Threats to Solutions 1. Violation of a security policy by a user. C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance reviews. 2. Disgruntled employee sabotage. I. Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on AUP monitoring and compliance. 3. Download of non-business videos using the internet to an employer-owned computer. A. Enable content filtering and antivirus scanning at the entry and exit points of the internet. Enable workstation auto-scans and auto-quarantine for unknown file types. 4. Malware infection of a user’s laptop. L. Use workstation antivirus and malicious code policies, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. 5. Unauthorized physical access to the LAN. N. Make sure wiring closets, data centers, and computer rooms are secure. Provide no access without proper credentials. 6. LAN server operating system vulnerabilities. F. Define vulnerability window policies, standards, procedures, and guidelines. Conduct LAN domain vulnerability assessments. 7. Download of unknown file types from unknown sources by local users. ...

Words: 385 - Pages: 2